Program development method, program development supporting system, and program installation method

ABSTRACT

A development environment of a high security level is provided for a key-installed system. Development of a program for a system having an LSI device which includes a secure memory is performed by providing another LSI device having the same structure and setting the provided LSI device to a development mode which is different from a product operation mode. Alternatively, the provided LSI device is set to an administrator mode to perform development and encryption of a key-generation program. The LSI device is set to a key-generation mode to execute the encrypted key-generation program, thereby generating various keys.

BACKGROUND OF THE INVENTION

The present invention relates to a technology including a key-installed (key-implemented) system, and development and installation of a program for an LSI device used in such a system.

In a key-installed system having high secrecy and confidentiality, how to maintain the security of the system in program development and program installation processes is a significant challenge.

SUMMARY OF THE INVENTION

The present invention provides, for such a key-installed system, a high-security program development method and environment and a high-security program installation method.

Specifically, the present invention provides a method for developing a program which is to be installed in a system having an LSI device. The LSI device has a secure memory including an unrewritable area. The method comprises the steps of providing an LSI device having the same structure as that of the LSI device; setting the provided LSI device to a development mode so that the provided LSI device is used as a development LSI device, the development mode being different from a product operation mode employed at the times of program installation and product operation; and developing the program on the development LSI device.

According to this method invention, development of a program which is to be installed in a system having an LSI device which includes a secure memory is performed in a development LSI device which has the same structure as that of the LSI device and which has been set to a development mode that is different from a product operation mode employed at the times of program installation and product operation. That is, the operation mode of an LSI device which has a secure memory including an unrewritable area and which has high confidentiality is switched from an installation mode to the development mode so that the LSI device is used as a program development environment. As a result, the security of the program development environment is improved as compared with conventional techniques.

In the program development method of the present invention, the operation of the LSI device is preferably restricted such that when being set to the development mode, the LSI device can execute a raw (binary) program, and when being set to the product operation mode, the LSI device cannot execute a raw (binary) program.

The program development method of the present invention preferably includes the step of encrypting the program developed on the development LSI device at the program development step.

In the program development method of the present invention, the operation of the LSI device is preferably restricted such that when being set to the development mode, the LSI device cannot generate a key for encrypting a raw (binary) program.

The program development method of the present invention preferably includes the steps of: providing an LSI device having the same structure as that of the LSI device; setting the provided LSI device to a key-generation mode so that the provided LSI device is used as a key-generation LSI device, the key-generation mode being different from the development mode and an installation mode; and installing an encrypted key-generation program in the key-generation LSI device and executing the key-generation program to generate a key. Furthermore, the operation of the LSI device is preferably restricted such that when being set to the key-generation mode, the LSI device cannot execute a raw (binary) program. Alternatively, the program development method of the present invention preferably includes the steps of: providing an LSI device having the same structure as that of the LSI device; setting the provided LSI device to an administrator mode so that the provided LSI device is used as an administrator LSI device, the administrator mode being different from the development mode, the installation mode, and the key-generation mode; and developing the key-generation program and encrypting the developed key-generation program with any key on the administrator LSI device.

Furthermore, the present invention provides a program development supporting system for supporting development of an encrypted program. The system includes: an LSI device having the same structure as that of an LSI device on which the encrypted program runs; and an external memory for storing a raw (binary) program. The LSI device includes a secure memory for storing common key information regarding a raw common key. The LSI device is capable of executing a first step of obtaining the raw common key from the common key information stored in the secure memory, and a second step of encrypting the raw (binary) program input from the external memory using the raw common key.

According to this system invention, an LSI device having the same structure as that of an LSI device on which an encrypted program to be developed runs is provided as a development environment. In this LSI device, a raw common key is obtained from common key information stored in a secure memory, and a raw (binary) program input from an external memory is encrypted using the raw common key. That is, decryption into the raw common key and encryption of the raw (binary) program with the raw common key can be performed. Thus, encryption of a raw (binary) program can be performed while keeping the raw common key secret from a program developer.

Furthermore, the present invention provides a program development supporting system for supporting development of an encrypted program. The system includes: an LSI device; and an external memory for storing a raw (binary) program. The LSI device includes a secure memory for storing common key information regarding a raw common key, and a boot ROM for storing a boot program. By executing the boot program stored in the boot ROM, the LSI device executes a first step of obtaining a raw common key from the common key information stored in the secure memory, and a second step of encrypting the raw (binary) program input from the external memory using the raw common key.

According to this system invention, by executing a boot program in an LSI device, a raw common key is obtained from common key information stored in a secure memory, and a raw (binary) program input from an external memory is encrypted using the raw common key. That is, decryption into the raw common key and encryption of the raw (binary) program with the raw common key are performed not by an external instruction but by the boot program. Thus, encryption of the raw (binary) program can be performed while surely keeping the raw common key secret from a program developer.

In the program development supporting system of the present invention, the common key information preferably includes an encrypted common key which is obtained by encrypting the raw common key with a raw first intermediate key and an encrypted first intermediate key which is obtained by encrypting the raw first intermediate key with a second intermediate key. The first step preferably includes the step of obtaining the raw common key using the encrypted common key, the encrypted first intermediate key and a program encryption seed.

Furthermore, the present invention provides a method for installing an encrypted program in a key-installed system which includes an external memory and an LSI device having a secure memory. The method includes: an initial value setting procedure for storing common key information regarding a raw common key and inherent key information regarding a raw inherent key in the secure memory; a first step of obtaining in the LSI device the raw common key from the common key information stored in the secure memory; a second step of decrypting in the LSI device a common key-encrypted program supplied from the external memory into a raw (binary) program using the raw common key obtained at the first step; a third step of obtaining in the LSI device the raw inherent key from the inherent key information stored in the secure memory; a fourth step of encrypting in the LSI device the raw (binary) program obtained at the second step using the raw inherent key obtained at the third step, thereby obtaining an inherent key-encrypted program; and the step of installing the inherent key-encrypted program obtained at the fourth step in the external memory.

According to this method invention, a common key-encrypted program supplied to an LSI device is decrypted using a raw common key obtained from common key information stored in a secure memory, thereby obtaining a raw (binary) program. The obtained raw (binary) program is encrypted using a raw inherent key obtained from inherent key information stored in the secure memory. That is, before being installed in a system, the common key-encrypted program is converted to an inherent key-encrypted program by switching the key for encryption from the common key to the inherent key. As a result, programs installed in different products of users are programs encrypted with different inherent keys, and thus, the confidentiality is improved. Furthermore, even if a cipher (encryption) is broken, the number of products to be damaged is restricted, and therefore, the security is improved as compared with conventional techniques.

In the program installation method of the present invention, the LSI device preferably includes a boot ROM for storing a boot program, and the LSI device preferably executes the boot program stored in the boot ROM, thereby executing the first to fourth steps.

In the program installation method of the present invention, the inherent key information is preferably stored in an unrewritable area of the secure memory.

In the program installation method of the present invention, the common key information preferably includes an encrypted common key which is obtained by encrypting the raw common key with a raw first intermediate key and an encrypted first intermediate key which is obtained by encrypting the raw first intermediate key with a second intermediate key. The first step preferably includes the step of obtaining the raw common key using the encrypted common key, the encrypted first intermediate key and a program encryption seed.

In the program installation method of the present invention, the inherent key information preferably includes an encrypted inherent key which is obtained by encrypting the raw inherent key with a raw first intermediate key and an encrypted first intermediate key which is obtained by encrypting the raw first intermediate key with a second intermediate key. The third step preferably includes the step of obtaining the raw inherent key using the encrypted inherent key, the encrypted first intermediate key and a program encryption seed.

In the program installation method of the present invention, the inherent key information is preferably an inherent ID which is inherent to the LSI device.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing a structure of a secure LSI device according to an embodiment of the present invention.

FIG. 2 illustrates an entire flow of development and manufacture which use the secure LSI device of FIG. 1.

FIG. 3 is a flowchart of an entire process flow of a boot program.

FIG. 4 shows a dataflow of preprocessing SZ2.

FIG. 5 shows a dataflow of encryption of a key-generation key.

FIG. 6 is a flowchart of program encryption processing SA2.

FIG. 7 shows a dataflow of program encryption processing SA2.

FIG. 8 is a flowchart of key generator production processing SB1 in the key-generation mode.

FIGS. 9 and 10 show a dataflow of key generator production processing SB1.

FIG. 11 is a flowchart of key management/issuance processing SB2 in the key-generation mode.

FIGS. 12 and 13 show a dataflow of key management/issuance processing SB2.

FIG. 14 is a flowchart of program encryption processing SC1 in the development mode.

FIG. 15 shows a dataflow of program encryption processing SC1.

FIG. 16 is a flowchart of program installation processing SD1 in the product operation mode.

FIGS. 17 and 18 show a dataflow of program installation processing SD1.

FIG. 19 is a flowchart of normal boot processing SD2 in the product operation mode.

FIGS. 20 and 21 show a dataflow of normal boot processing SD2.

FIG. 22 is a flowchart of initial value setting processing SZ1.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, an embodiment of the present invention is described with reference to the drawings. Note that, in the following descriptions, an encrypted key or program which is obtained by encrypting a key or program X using a key Y is represented as “Enc (X, Y)”.

FIG. 1 is a block diagram showing an internal structure of a secure LSI device according to the present embodiment. In FIG. 1, the secure LSI device 1 can be connected to an external memory (flash memory) 100, an external tool 110, or the like, through an external bus 120. The operation mode of the secure LSI device 1 can be set by supplying a mode ID to the secure LSI device 1.

Major components of the secure LSI device 1, which are relevant to the following descriptions, are briefly described.

The secure LSI device 1 has a secure memory (e.g., secure Flash) 10 including an unrewritable area 11. The unrewritable area 11 includes an unrewritable area write flag 12. When a mode ID is once written in the secure memory 10, the flag value of the unrewritable area write flag 12 is changed from “WRITABLE” to “WRITTEN”, and writing in the unrewritable area 11 is thereafter prohibited. It should be noted that the secure memory 10 and the external memory 100 are made of flash memories in the present embodiment, but the present invention is not limited thereto. Any type of memory may be used so long as it is nonvolatile.

A private key arithmetic processing section 20 includes registers for storing various keys and a program encryption seed and performs encryption processing. A key-generation/update sequencer 30 includes a mode ID storage register 31. The key-generation/update sequencer 30 controls the operation of the private key arithmetic processing section 20, i.e., whether or not various keys can be generated, according to a mode ID stored in the mode ID storage register 31. The key-generation/update sequencer 30 further includes an encryption type identifier storage register 32 for storing an encryption type identifier. The encryption type identifier indicates what algorithm and key length are used for encrypting a key or program. Furthermore, a program encryption seed 33 is installed in the key-generation/update sequencer 30.

A mode sequencer 40 also includes a mode ID storage register 41. The mode sequencer 40 controls the operation of an external host interface (I/F) 50, i.e., which interface is used for reading a program or data stored in the external memory 100, according to a mode ID stored in the mode ID storage register 41 and the value of a jumper 43. With this arrangement, it is possible to control whether or not a raw (binary) program stored in the external memory 100 can be executed. The mode sequencer 40 further includes an encryption type identifier storage register 42 for storing an encryption type identifier. The encryption type identifier indicates what method is used for encrypting a key.

The external host I/F 50 transmits/receives a program or data to/from the external memory 100 or the external tool 110 through one of a through section 52, a delay section 53 and an encryption engine 54 for program decryption, which are included in a program processing section 51, and a through section 56 and an encryption engine 57 for content encryption/decryption, which are included in a data processing section 55, according to the control by the mode sequencer 40.

A program input through the through section 52 is not executed inside the secure LSI device 1 except when the secure LSI device 1 is in an administrator mode (described later). That is, the through section 52 is activated when a raw (binary) program is encrypted or when an already-encrypted program is encrypted again using another key. The secure LSI device 1 is structured such that the operation of the secure LSI device 1 does not proceed to a program which is input through the through section 52 except when the secure LSI device 1 is in an administrator mode (described later). Therefore, for example, even when the secure LSI device 1 completed as a commercial product reads a raw (binary) program through the through section 52, the secure LSI device 1 cannot execute the raw (binary) program. It should be noted that, in order to execute a raw (binary) program, the secure LSI device 1 reads the raw (binary) program through the delay section 53.

A boot ROM 60 stores a boot program for controlling the boot-up operation of the secure LSI device 1. A HASH calculation section 70 calculates a HASH value for verifying the validity of a program read into the secure LSI device 1.

Further, the external memory 100 stores programs and contents. The external tool 110 stores various initial values which are to be transferred to and stored in the secure memory 10 at the time of the first boot-up of the secure LSI device 1. The type of the initial value varies depending on a selected operation mode.

FIG. 2 shows the entire flow of development and manufacture which use the secure LSI device 1 of FIG. 1. As shown in FIG. 2, the secure LSI device 1 operates in the following four operation modes: administrator mode (mode ID: 00), key-generation mode (mode ID: 01), development mode (mode ID: 10), and product operation mode (mode ID: 11).

When being set to the administrator mode, the secure LSI device 1 operates as an LSI device for an administrator (hereinafter, referred to as “administrator LSI device”). In the administrator LSI device, a key-generation program is developed, and the developed key-generation program is encrypted using any key-generation key.

When being set to the key-generation mode, the secure LSI device 1 operates as an LSI device for key generation (hereinafter, referred to as “key-generation LSI device”). In the key-generation LSI device, the encrypted key-generation program generated in the administrator LSI device is installed, and the key-generation program is executed to generate various keys.

When being set to the development mode, the secure LSI device 1 operates as an LSI device for development (hereinafter, referred to as “development LSI device”).

In the development LSI device, an application program which is to be executed in an actual product is developed. The application program is encrypted using the program common key.

When being set to the product operation mode, the secure LSI device 1 operates as an actual product LSI device. The application program generated in the development LSI device and encrypted with the program common key is installed in the product LSI device for development. Inside the product LSI device, the installed application program is converted to an application program encrypted with a program inherent key. This conversion processing can be executed also in the development LSI device for the purpose of debugging the application program.

Hereinafter, details of the operation of the secure LSI device 1 are described for each operation mode with reference to flowcharts and dataflows. The secure LSI device 1 operates as described below by executing the boot program stored in the boot ROM 60.

FIG. 3 is a flowchart illustrating the entire process of the boot program.

When the secure LSI device 1 is powered on, the boot program stored in the boot ROM 60 is executed by a CPU 65. Referring to FIG. 3, each hardware component is first initialized (SZ0). Then, various initial values are read from the external tool 110 and set in the secure memory 10 (SZ1).

FIG. 22 is a flowchart which illustrates the initial value setting processing SZ1. In the first place, at a jumper 44, it is determined whether or not the secure memory 10 is mounted in the LSI device. Next, it is determined whether or not the unrewritable area write flag 12 indicates “WRITTEN”. When it indicates “WRITTEN”, the processing SZ1 is ended because an initial value is already set in the secure memory 10. When the unrewritable area write flag 12 indicates “WRITABLE”, initial values are written in the secure memory 10. In addition to the mode ID, an encrypted program inherent key, address management information and a data inherent key are written in the unrewritable area 11 of the secure memory 10. If the first determination indicates that the secure memory 10 exists outside the LSI device, the mode ID is overwritten with a value that indicates the product operation mode. As a result, a fraudulent product which has a secure memory 10 outside its LSI package operates only when it is in the product operation mode.

Next, the unrewritable area write flag 12 is set to “WRITTEN”, whereby rewriting in the unrewritable area 11 is thereafter prohibited. Further, an encryption type identifier and an installation mode flag are written in general areas 13 and 14. When the mode ID indicates a mode other than the administrator mode, an encrypted common key and key-generation key are written in the general areas 13 and 14 in addition to the encryption type identifier and installation mode flag.

Thereafter, preprocessing SZ2 is executed. FIG. 4 illustrates a dataflow of preprocessing SZ2. Herein, the mode ID set in the unrewritable area 11 of the secure memory 10 is set in the mode ID storage register 31 of the key-generation/update sequencer 30 and in the mode ID storage register 41 of the mode sequencer 40. Further, the encryption type identifier set in the general area 13 of the secure memory 10 is set in the encryption type identifier storage register 32 of the key-generation/update sequencer 30 and in the encryption type identifier storage register 42 of the mode sequencer 40. Furthermore, the address management information stored in the unrewritable area 11 of the secure memory 10 is set in a cipher address segment storage register 81 of an MEMC 80. The processes described hereinabove correspond to initial value setting phases PA0, PB0, PC0 and PD0 of FIG. 2.

Thereafter, the operation is performed in a mode determined according to the value of the mode ID (SZ3).
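The following is an added Python model (not code from the patent or its assignee) of the two decisions the boot program makes before any program is run: initial value setting SZ1, which writes the mode ID once and forces the product operation mode when the secure memory is found outside the package, and the mode-ID/jumper dispatch at SZ3 and SA0/SB0/SC0/SD0, which fixes through which section of the external host I/F 50 a program reaches the CPU. The mode-ID values 00/01/10/11, the section numbers 52/53/54 and the processing names are the page's; the function names, the data layout, and the mapping from jumper 43 values to processings are assumptions made for this example.

```python
# Added example: model of SZ1 initial value setting and of mode-ID gating
# for the secure LSI device 1 (names and layout are assumptions).
from dataclasses import dataclass
from typing import Optional, Tuple

ADMINISTRATOR, KEY_GENERATION, DEVELOPMENT, PRODUCT = "00", "01", "10", "11"


@dataclass
class SecureMemory:
    """Secure memory 10: unrewritable area 11 (write flag 12, mode ID) and
    the installation mode flag kept in a general area."""
    write_flag: str = "WRITABLE"      # unrewritable area write flag 12
    mode_id: Optional[str] = None     # stored in unrewritable area 11
    install_flag: str = "ON"          # installation mode flag (general area 13)


def initial_value_setting(mem: SecureMemory, tool_mode_id: str,
                          memory_on_die: bool) -> str:
    """SZ1: initial values are written only once; if jumper 44 reports the
    secure memory outside the LSI package, the mode ID is forced to product
    operation mode so a fraudulent board cannot reach any other mode."""
    if mem.write_flag == "WRITTEN":
        return mem.mode_id                # already initialised; SZ1 ends here
    mode = tool_mode_id if memory_on_die else PRODUCT
    mem.mode_id = mode
    mem.write_flag = "WRITTEN"            # rewriting of area 11 now prohibited
    return mode


# Path of the program processing section 51 used by each processing:
#   "through" = through section 52 (program not executed, except in admin mode)
#   "delay"   = delay section 53 (raw program executed)
#   "engine"  = encryption engine 54 (program decrypted, then executed)
# The jumper-43 value assigned to each processing is an assumption.
JUMPER_DISPATCH = {
    ADMINISTRATOR: {0: ("SA1", "through"), 1: ("SA2", "through")},
    DEVELOPMENT:   {0: ("SC1", "through"), 1: ("SC2", "delay"),
                    2: ("SC3", "through"), 3: ("SC4", "engine")},
}


def select_processing(mem: SecureMemory, jumper43: int) -> Tuple[str, str]:
    """SZ3 then SA0/SB0/SC0/SD0: pick the processing and the I/F path.
    Administrator and development modes branch on jumper 43; key-generation
    and product operation modes branch on the installation mode flag."""
    mode = mem.mode_id
    if mode in JUMPER_DISPATCH:
        return JUMPER_DISPATCH[mode][jumper43]
    if mode == KEY_GENERATION:
        return ("SB1", "through") if mem.install_flag == "ON" else ("SB2", "engine")
    if mode == PRODUCT:
        return ("SD1", "through") if mem.install_flag == "ON" else ("SD2", "engine")
    raise ValueError("unknown mode ID %r" % (mode,))


def raw_program_executable(mem: SecureMemory, jumper43: int) -> bool:
    """The invariant the mode sequencer 40 enforces: a raw (binary) program is
    executed only through the delay section, or through the through section
    when the device is in administrator mode."""
    _, path = select_processing(mem, jumper43)
    return path == "delay" or (path == "through" and mem.mode_id == ADMINISTRATOR)
```

Running `raw_program_executable` over every mode and jumper value is a quick way to check the restriction claimed in the summary: a product LSI device never gets a path that executes raw code, whatever the installation flag, because only the through section and the encryption engine are reachable from mode ID 11.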

<Administrator Mode>

When the mode ID is “00”, the secure LSI device 1 is set to the administrator mode to execute raw (binary) program execution processing SA1 or program encryption processing SA2 depending on the value of the jumper 43 (determined at SA0).

In key-generation program development phase PA1, raw (binary) program execution processing SA1 is executed to generate a key-generation program. The key-generation program is stored in the external memory 100.

In key-generation program encryption phase PA2, the key-generation program is executed to encrypt any given key-generation key as illustrated in the dataflow of FIG. 5. Specifically, in the external host I/F 50, the through section 52 of the program processing section 51 is activated by the mode sequencer 40. Then, the key-generation program stored in the external memory 100 is supplied to the CPU 65 through the through section 52 and executed by the CPU 65. By executing the key-generation program, a key-generation key stored in the external memory 100 is encrypted by the private key arithmetic processing section 20 using the program encryption seed installed in the key-generation/update sequencer 30.

In the present embodiment, encryption of a key is performed using a first intermediate key and a second intermediate key. Specifically, as a result of the encryption, an encrypted key (herein, Enc (key-generation key, MK1)) is obtained by encrypting a raw (binary) key (herein, key-generation key) using the first intermediate key (herein, MK1), and an encrypted first intermediate key (herein, Enc (MK1, CK)) is obtained by encrypting the first intermediate key using the second intermediate key (herein, CK). As a matter of course, the present invention is not limited to such a key encryption method.

Thereafter, program encryption processing SA2 is executed. FIG. 6 is a flowchart of program encryption processing SA2. FIG. 7 illustrates a dataflow of program encryption processing SA2. In the first place, the encrypted key-generation key Enc (key-generation key, MK1), Enc (MK1, CK), which has been stored in the external memory 100, is set in the private key arithmetic processing section 20 through the through section 52 of the external host I/F 50 (SA21). The encrypted key-generation key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a key-generation key (SA22). Then, a raw (binary) key-generation program stored in the external memory 100 is read into the secure LSI device 1 and encrypted using the key-generation key decrypted at SA22, and the encrypted key-generation program is written in the external memory 100 (SA23). Furthermore, the raw (binary) key-generation program of the external memory 100 is HASH-calculated by the HASH calculation section 70, and the calculated HASH value is written in the external memory 100 (SA24).

In the administrator mode, according to the operation described above, an encrypted key-generation program which is encrypted using a key-generation key, i.e., Enc (key-generation program, key-generation key), the encrypted key-generation key Enc (key-generation key, MK1), Enc (MK1, CK), and the HASH value of the key-generation program are generated.

<Key-Generation Mode>

When the mode ID is “01”, the secure LSI device 1 is set to the key-generation mode to execute key generator production processing SB1 or key management/issuance processing SB2 depending on the value of the installation mode flag (determined at SB0).

In key generator production phase PB1, key generator production processing SB1 is executed. FIG. 8 is a flowchart of processing SB1. FIGS. 9 and 10 illustrate a dataflow of processing SB1. The through section 52 of the program processing section 51 included in the external host I/F 50 is activated depending on the mode ID and the value of the installation mode flag.

In the first place, the encrypted program inherent key Enc (program inherent key, MK0), Enc (MK0, CK), which has been stored in the unrewritable area 11, is set in an encrypted key storage register of the private key arithmetic processing section 20 (SB11). The encrypted program inherent key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a program inherent key (SB12). Then, the encrypted key-generation key Enc (key-generation key, MK1), Enc (MK1, CK), which has been set in initial value setting phase PB0, is set in the encrypted key storage register of the private key arithmetic processing section 20 (SB13). The encrypted key-generation key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a key-generation key (SB14).

Thereafter, the encrypted key-generation program Enc (key-generation program, key-generation key), which has been encrypted using the key-generation key and stored in the external memory 100, is taken into the private key arithmetic processing section 20 through the through section 52 of the program processing section 51 included in the external host I/F 50 (SB15). The encrypted key-generation program read into the private key arithmetic processing section 20 is decrypted using the key-generation key and then encrypted using the program inherent key, thereby obtaining an encrypted key-generation program Enc (key-generation program, program inherent key) (SB16). The encrypted key-generation program Enc (key-generation program, program inherent key) is written in the external memory 100 (SB17). Then, the HASH value stored in the external memory 100 is set in the general area 13 of the secure memory 10 through the through section 52 (SB18).

Then, the value of the installation mode flag stored in the general area 13 of the secure memory 10 is set to “OFF” by the CPU 65 (SB19). Then, the encrypted key-generation key Enc (key-generation key, MK1), Enc (MK1, CK), which has been stored in the general area 13 of the secure memory 10, is deleted (SB1A). On the other hand, the encrypted key-generation program Enc (key-generation program, key-generation key) and the HASH value, which have been stored in the external memory 100, are deleted (SB1B).

In key management/issuance phase PB2, key management/issuance processing SB2 is executed. FIG. 11 is a flowchart of processing SB2. FIGS. 12 and 13 illustrate a dataflow of processing SB2. The encryption engine 54 for program decryption which is included in the external host I/F 50 is activated depending on the mode ID and the value of the installation mode flag.

In the first place, the encrypted program inherent key Enc (program inherent key, MK0), Enc (MK0, CK), which has been stored in the unrewritable area 11 of the secure memory 10, is set in an encrypted key storage register of the private key arithmetic processing section 20 (SB21). The encrypted program inherent key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a program inherent key (SB22). Then, the obtained program inherent key is set in a program inherent key storage register of the encryption engine 54 for program decryption which is included in the external host I/F 50 (SB23).

Thereafter, the encrypted key-generation program Enc (key-generation program, program inherent key), which has been encrypted using the program inherent key and stored in the external memory 100, is decrypted through the encryption engine 54 for program decryption which is included in the program processing section 51 of the external host I/F 50. The decrypted key-generation program is taken into the HASH calculation section 70 to calculate the HASH value (SB24). The calculated HASH value is compared with the HASH value stored in the general area 13 of the secure memory 10 to check whether or not the key-generation program has been tampered with (SB25). If the HASH values are equal to each other (No at SB26), the process proceeds to the key-generation program Enc (key-generation program, program inherent key) stored in the external memory 100 to execute generation of a key (SB27). If the HASH values are not equal to each other (Yes at SB26), it is determined that some fraud has been committed, and a fraudulent access control procedure is executed (SB28).
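The following is an added Python example (not code from the patent or its assignee) that carries the key handling of this section end to end: the two-level wrap Enc (key, MK), Enc (MK, CK) unwrapped with the program encryption seed (SA22, SB12, SB14, SC12), program encryption plus HASH value (SA23/SA24, SC13/SC14), the re-encryption from one key to another that SB15–SB17 perform and that the summary's first to fourth steps of the installation method describe for the common key and the inherent key, and the HASH comparison before execution of SB24–SB28. The page does not name the cipher, so an HMAC-SHA256 keystream stands in for it and SHA-256 stands in for the HASH calculation section 70; every function name, the 16-byte nonce layout and the sample program are assumptions made for this example.

```python
# Added example: key hierarchy, program re-encryption and HASH check of the
# secure LSI boot program, modelled in Python (cipher and names are stand-ins).
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a PRF keystream standing in for the
    unspecified cipher of the private key arithmetic processing section."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def enc(data: bytes, key: bytes) -> bytes:
    """Enc (X, Y) of the page's notation; a fresh 16-byte nonce is prepended."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def dec(blob: bytes, key: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def wrap_key(raw_key: bytes, mk: bytes, ck: bytes):
    """What the key-generation program leaves behind for a raw key:
    (Enc (raw_key, MK), Enc (MK, CK)), CK being the program encryption seed."""
    return enc(raw_key, mk), enc(mk, ck)


def unwrap_key(wrapped, seed: bytes) -> bytes:
    """SA22 / SB12 / SB14 / SC12: the seed recovers MK, and MK recovers the key."""
    enc_key, enc_mk = wrapped
    mk = dec(enc_mk, seed)
    return dec(enc_key, mk)


def encrypt_program(raw_program: bytes, wrapped_key, seed: bytes):
    """SA23/SA24 or SC13/SC14: encrypt the raw program with the unwrapped key
    and compute the HASH value of the raw program for later verification."""
    key = unwrap_key(wrapped_key, seed)
    return enc(raw_program, key), hashlib.sha256(raw_program).digest()


def convert_program(enc_program: bytes, wrapped_from, wrapped_to, seed: bytes) -> bytes:
    """SB16, and the installation method's first to fourth steps: decrypt with
    one key (e.g. the program common key) and re-encrypt with another (e.g. the
    program inherent key). Raw program and raw keys never leave this function."""
    raw = dec(enc_program, unwrap_key(wrapped_from, seed))
    return enc(raw, unwrap_key(wrapped_to, seed))


def verify_and_load(enc_program: bytes, wrapped_inherent, seed: bytes,
                    stored_hash: bytes) -> bytes:
    """SB24-SB28: decrypt, recompute the HASH value and compare it with the
    value held in the secure memory; refuse to hand the program to the CPU
    (the fraudulent access control branch) when they differ."""
    raw = dec(enc_program, unwrap_key(wrapped_inherent, seed))
    if not hmac.compare_digest(hashlib.sha256(raw).digest(), stored_hash):
        raise PermissionError("HASH mismatch: fraudulent access control procedure")
    return raw


if __name__ == "__main__":
    seed = os.urandom(32)                                       # program encryption seed (CK)
    common = wrap_key(os.urandom(32), os.urandom(32), seed)     # Enc (common key, MK2), Enc (MK2, CK)
    inherent = wrap_key(os.urandom(32), os.urandom(32), seed)   # Enc (inherent key, MK0), Enc (MK0, CK)
    program = b"constructed application program image"          # constructed sample input
    enc_common, h = encrypt_program(program, common, seed)      # development LSI, SC1
    enc_inherent = convert_program(enc_common, common, inherent, seed)   # product LSI, SD1
    print(verify_and_load(enc_inherent, inherent, seed, h) == program)   # normal boot, SD2
```

Two properties of the page's design are visible in this model: `unwrap_key` needs the seed, so the wrapped pair stored in the secure memory or external memory is useless to anyone reading it without the LSI, and `convert_program` gives every product its own ciphertext under its own inherent key while the HASH value, taken over the raw program, stays the same across the conversion and can therefore be carried from the development step to the boot-time check.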

In the key-generation mode, the through section 52 is activated for inputting a program therethrough, or the encryption engine 54 for program decryption is activated to decrypt and input an encrypted program, but nothing else is executed. Thus, the operation of the secure LSI device 1 is restricted such that execution of a raw (binary) program is prohibited.

<Development Mode>

When the mode ID is “10”, the secure LSI device 1 is set to the development mode to execute program encryption processing SC1, raw (binary) program execution processing SC2, program installation processing SC3, or encrypted program execution processing SC4 depending on the value of the jumper 43 (determined at SC0).

In application program development phase PC1, the delay section 53 is activated to execute raw (binary) program execution processing SC2, whereby an application program is developed. The developed application program is stored in the external memory 100.

In application program encryption phase PC2, program encryption processing SC1 is executed. FIG. 14 is a flowchart of program encryption processing SC1. FIG. 15 illustrates a dataflow of processing SC1. In the first place, common key information, i.e., the encrypted program common key Enc (program common key, MK2), Enc (MK2, CK), which has been stored in the general area 14 of the secure memory 10, is set in the private key arithmetic processing section 20 (SC11). The encrypted program common key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a program common key (SC12). Then, a raw (binary) application program stored in the external memory 100 is read into the secure LSI device 1 and encrypted using the program common key decrypted at SC12, and the encrypted application program is written in the external memory 100 (SC13). Furthermore, the raw (binary) application program of the external memory 100 is HASH-calculated by the HASH calculation section 70, and the calculated HASH value is written in the external memory 100 (SC14).

As a result of the operation described above, the encrypted applicationprogram which is encrypted using the program common key, i.e., Enc(application program, program common key), and the HASH value of theapplication program are generated.

In application program installation phase PC3, program installationprocessing SC3 is executed. In application program debug phase PC4,encrypted program execution processing SC4 is executed. These processingare the same as processing SD1 and SD2 in the product operation mode,respectively, and therefore, details thereof will be described later.

As described above, an LSI device 1, which has a secure memory 10including an unrewritable area 11 and which possesses highconfidentiality, is employed as an environment for developing a programby changing the operation mode of the LSI device 1 from the installationmode to the development mode, whereby the security of the programdevelopment environment is improved as compared with conventionaltechniques.

Furthermore, an encrypted common key (common key information) stored inthe secure memory 10 is decrypted into a raw common key, and encryptionof a raw (binary) program is performed using the raw common key. Thus,encryption of a raw (binary) program can be executed while keeping theraw common key secret from a program developer.

Further still, decryption into a raw common key and encryption of a raw(binary) program with the raw common key are executed not by an externalinstruction but by a boot program. Thus, encryption of the raw (binary)program can be executed while surely keeping the raw common key secretfrom a program developer.

<Product Operation Mode>

When the mode ID is “11”, the secure LSI device 1 is set to the product operation mode to execute program installation processing SD1 or normal boot processing SD2 depending on the value of the installation mode flag (determined at SD0).

In product installation phase PD1, program installation processing SD1 is executed. FIG. 16 is a flowchart of processing SD1. FIGS. 17 and 18 illustrate a dataflow of processing SD1. The through section 52 of the program processing section 51 included in the external host I/F 50 is activated depending on the mode ID and the value of the installation mode flag.

In the first place, inherent key information, i.e., the encrypted program inherent key Enc (program inherent key, MK0), Enc (MK0, CK), which has been stored in the unrewritable area 11 of the secure memory 10, is set in the encrypted key storage register of the private key arithmetic processing section 20 (SD11). The encrypted program inherent key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a program inherent key (SD12). Then, common key information, i.e., the encrypted program common key Enc (program common key, MK2), Enc (MK2, CK), which has been set in initial value setting phase PD0, is set in the encrypted key storage register of the private key arithmetic processing section 20 (SD11). The encrypted program common key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a program common key (SD14).

Thereafter, the encrypted application program Enc (application program, program common key), which has been encrypted with the program common key and stored in the external memory 100, is taken into the private key arithmetic processing section 20 through the through section 52 of the program processing section 51 included in the external host I/F 50 (SD15). After being read into the private key arithmetic processing section 20, the encrypted application program is decrypted with the program common key and then encrypted with the program inherent key to obtain an encrypted application program Enc (application program, program inherent key) (SD16). The encrypted application program Enc (application program, program inherent key) is written in the external memory 100 (SD17). Then, the HASH value stored in the external memory 100 is set in the general area 13 of the secure memory 10 through the through section 52 (SD18).

Then, the value of the installation mode flag stored in the general area 13 of the secure memory 10 is set to “OFF” by the CPU 65 (SD19). Then, the encrypted program common key Enc (program common key, MK1), Enc (MK1, CK), which has been stored in the general area 13 of the secure memory 10, is deleted (SD1A). In addition, the encrypted application program Enc (application program, program common key) and the HASH value, which have been stored in the external memory 100, are deleted (SD1B).

That is, before being installed in a system, the common key-encrypted program is converted to an inherent key-encrypted program by switching the key for encryption from the common key to the inherent key. As a result, programs installed in different products of users are encrypted with different inherent keys, and thus the confidentiality of the programs is improved. Furthermore, even if a cipher (encryption) is broken, the number of products affected is limited, and therefore the security level is improved as compared with conventional techniques.

The inherent key may be generated based on an inherent ID. Specifically, for example, a unique inherent ID is installed as inherent key information in the secure memory 10 of each secure LSI device 1. In product installation phase PD1, an inherent key may be generated from the installed inherent ID by a boot program.

In product operation phase PD2, normal boot processing SD2 is executed. FIG. 19 is a flowchart of processing SD2. FIGS. 20 and 21 illustrate a dataflow of processing SD2. The encryption engine 54 for program decryption which is included in the external host I/F 50 is activated depending on the mode ID and the value of the installation mode flag.

In the first place, the encrypted program inherent key Enc (program inherent key, MK0), Enc (MK0, CK), which has been stored in the unrewritable area 11 of the secure memory 10, is set in the encrypted key storage register of the private key arithmetic processing section 20 (SD21). The encrypted program inherent key is decrypted using the program encryption seed installed in the key-generation/update sequencer 30 to obtain a program inherent key (SD22). The obtained program inherent key is set in the program inherent key storage register of the encryption engine 54 for program decryption which is included in the external host I/F 50 (SD23).

Thereafter, a data inherent ID stored in the unrewritable area 11 of the secure memory 10 is set in the inherent ID storage register of the private key arithmetic processing section 20 (SD24). Then, random numbers are generated by the CPU 65 and set in a random number storage register (SD25). The private key arithmetic processing section 20 generates a data inherent key from the data inherent ID and the random numbers (SD26).

Thereafter, the encrypted application program Enc (application program, program inherent key), which has been encrypted with the program inherent key and stored in the external memory 100, is decrypted through the encryption engine 54 for program decryption which is included in the program processing section 51 of the external host I/F 50. The decrypted application program is transferred to the HASH calculation section 70, and the HASH value thereof is calculated (SD27). The calculated HASH value is compared with the HASH value stored in the general area 13 of the secure memory 10 to check whether or not the application program has been tampered with (SD28). If the HASH values are equal to each other (No at SD29), control passes to the application program Enc (application program, program inherent key) stored in the external memory 100 and the application is executed (SD2A). If the HASH values are not equal to each other (Yes at SD29), it is determined that some fraud has been committed, and a fraudulent access control procedure is executed (SD2B).
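The three procedures above, carried through end to end as an added Python model: SC1 (encryption with the program common key on the development LSI device), SD1 (installation, where the program is re-encrypted from the program common key to the program inherent key and the common key information is deleted) and SD2 (normal boot, where the program is decrypted with the inherent key and its HASH is checked). This is example code written for this page, not the patent's or any vendor's implementation. The patent names neither the cipher nor the hash function, so an HMAC-SHA256 counter-mode keystream stands in for Enc(...), SHA-256 for the HASH calculation section 70, and CK is derived from the program encryption seed by HMAC; every key and seed value is constructed. The `generate_key` refusal models the key-generation/update sequencer 30 rejecting key generation in the development and product operation modes.

```python
import hashlib
import hmac

# Stand-in cipher (assumption: the patent names no algorithm). A keystream from
# HMAC-SHA256 in counter mode is XORed onto the data; symmetric, so dec == enc.
def enc(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)

dec = enc

def hash_value(data: bytes) -> bytes:
    # HASH calculation section 70 modelled with SHA-256 (assumption).
    return hashlib.sha256(data).digest()

def ck_from_seed(seed: bytes) -> bytes:
    # CK derived one-way from the program encryption seed (assumption).
    return hmac.new(seed, b"CK", hashlib.sha256).digest()

def wrap_key(seed: bytes, key: bytes, mk: bytes) -> tuple:
    # Key information in the page's form: (Enc(key, MK), Enc(MK, CK)).
    return enc(mk, key), enc(ck_from_seed(seed), mk)


class SecureLSI:
    """Toy model of secure LSI device 1 in mode “10” (development) or “11” (product)."""

    def __init__(self, mode, seed, inherent_key_info, external_memory):
        self.mode = mode
        self._seed = seed                                      # held by sequencer 30
        self.unrewritable = {"inherent_key_info": inherent_key_info}   # area 11
        self.general = {"common_key_info": None, "install_flag": "ON", "hash": None}
        self.ext = external_memory                             # external memory 100

    def _unwrap(self, info):
        # Boot-program-only path: Enc(MK, CK) -> MK, then Enc(key, MK) -> key.
        enc_key, enc_mk = info
        mk = dec(ck_from_seed(self._seed), enc_mk)
        return dec(mk, enc_key)

    def generate_key(self):
        # Sequencer 30 refuses seed use outside boot-up in these two modes.
        raise PermissionError("key generation prohibited in %s mode" % self.mode)

    def sc1_encrypt_program(self):
        assert self.mode == "development"
        common = self._unwrap(self.general["common_key_info"])        # SC11, SC12
        raw = self.ext["raw_program"]
        self.ext["enc_program_common"] = enc(common, raw)             # SC13
        self.ext["hash"] = hash_value(raw)                            # SC14

    def sd1_install(self):
        assert self.mode == "product" and self.general["install_flag"] == "ON"
        inherent = self._unwrap(self.unrewritable["inherent_key_info"])  # SD11, SD12
        common = self._unwrap(self.general["common_key_info"])           # SD14
        raw = dec(common, self.ext["enc_program_common"])                # SD15, SD16
        self.ext["enc_program_inherent"] = enc(inherent, raw)            # SD17
        self.general["hash"] = self.ext["hash"]                          # SD18
        self.general["install_flag"] = "OFF"                             # SD19
        self.general["common_key_info"] = None                           # SD1A
        del self.ext["enc_program_common"], self.ext["hash"]             # SD1B

    def sd2_boot(self):
        assert self.mode == "product" and self.general["install_flag"] == "OFF"
        inherent = self._unwrap(self.unrewritable["inherent_key_info"])  # SD21-SD23
        program = dec(inherent, self.ext["enc_program_inherent"])        # SD27
        if hmac.compare_digest(hash_value(program), self.general["hash"]):  # SD28, SD29
            return "run", program                                        # SD2A
        return "fraud", None                                             # SD2B


def lifecycle(raw_program: bytes, inherent_key: bytes = b"P" * 16, tamper: bool = False):
    """Development encryption -> installation -> boot; returns (boot result, product LSI, ext memory)."""
    seed = b"program-encryption-seed"                                     # constructed
    common_info = wrap_key(seed, b"K" * 16, b"M2" * 8)                    # Enc(common, MK2), Enc(MK2, CK)
    ext = {"raw_program": raw_program}

    dev = SecureLSI("development", seed, wrap_key(seed, b"D" * 16, b"M0" * 8), ext)
    dev.general["common_key_info"] = common_info
    dev.sc1_encrypt_program()                                             # phase PC2
    del ext["raw_program"]           # assumption: only ciphertext and HASH ship to the product

    prod = SecureLSI("product", seed, wrap_key(seed, inherent_key, b"M0" * 8), ext)
    prod.general["common_key_info"] = common_info                         # set in phase PD0
    prod.sd1_install()                                                    # phase PD1
    if tamper:
        c = ext["enc_program_inherent"]
        ext["enc_program_inherent"] = c[:-1] + bytes([c[-1] ^ 1])         # flip one ciphertext bit
    return prod.sd2_boot(), prod, ext                                     # phase PD2
```

Two design points carry over from the text: the raw program and the raw keys exist only inside the device object during SD1, never in the external memory after installation, and the installation flag and common key information are cleared so the SD1 path cannot be replayed on a product device. The HASH comparison uses a constant-time compare; a product boot that fails it returns the fraud branch rather than the program.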

In the product operation mode, the through section 52 is activated for inputting a program therethrough, or the encryption engine 54 for program decryption is activated to decrypt and input an encrypted program, but nothing else is executed. Thus, the operation of the secure LSI device 1 is restricted such that execution of a raw (binary) program is prohibited.

In the development mode and the product operation mode, if it is attempted to externally execute a process of generating a key using the private key arithmetic processing section 20, such an attempt from the outside is detected and prohibited by the key-generation/update sequencer 30. That is, in the development mode and the product operation mode, the key-generation/update sequencer 30 restricts the operation of the secure LSI device 1 such that the program encryption seed cannot be used except at the time of boot-up of the secure LSI device 1. Thus, a process of generating a key cannot be executed.

According to the present embodiment, programs and data are stored in the external memory 100 while initial values to be set in the secure memory 10 are stored in the external tool 110. However, according to the present invention, the programs, data and initial values may be stored in either of the external memory 100 and the external tool 110. For example, no problem would occur even if the programs and data are read from the external tool 110 and re-encrypted.

In the present embodiment, each processing is executed by a boot program, but the present invention is not limited thereto. A portion or the entirety of the processing may be executed by some other means. However, it should be noted that the security can be improved by executing the processing not by an external instruction but by the boot program.

As described above, according to the present invention, an LSI device, which has a secure memory including an unrewritable area and which possesses high confidentiality, is employed as an environment for developing a program by changing the operation mode of the LSI device from the installation mode to the development mode, whereby the security of the program development environment is improved as compared with conventional techniques.

1. A method for developing a program which is to be installed in a system having an LSI device, the LSI device having a secure memory which includes an unrewritable area, the method comprising the steps of: providing another LSI device having the same structure as that of the LSI device; setting the provided LSI device to a development mode based on inherent and permanent key information for the development mode, which is implemented in the unrewritable area of the LSI device in advance, so that the provided LSI device is used as a development LSI device, the development mode being different from a product operation mode employed at the times of program installation and product operation, the inherent and permanent key information for the development mode being different from inherent and permanent key information for the product operation mode; and developing the program on the development LSI device.

2. The method of claim 1, wherein the operation of the provided LSI device is restricted such that when being set to the development mode, the provided LSI device can execute a raw (binary) program, and when being set to the product operation mode, the provided LSI device cannot execute a raw (binary) program with an executable form but can execute an encrypted program.

3. The method of claim 1, further comprising the step of encrypting the program developed on the development LSI device at the program development step.

4. The method of claim 1, wherein the operation of the LSI device is restricted such that when being set to the development mode, the LSI device cannot generate a key for encrypting a raw (binary) program.

5. The method of claim 1, further comprising the steps of: providing an LSI device having the same structure as that of the LSI device; setting the provided LSI device to a key-generation mode so that the provided LSI device is used as a key-generation LSI device, the key-generation mode being different from the development mode and the product operation mode; and installing an encrypted key-generation program in the key-generation LSI device and executing the key-generation program to generate a key.

6. The method of claim 5, wherein the operation of the LSI device is restricted such that when being set to the key-generation mode, the LSI device cannot execute a raw (binary) program.

7. The method of claim 5, further comprising the steps of: providing an LSI device having the same structure as that of the LSI device; setting the provided LSI device to an administrator mode so that the provided LSI device is used as an administrator LSI device, the administrator mode being different from the development mode, the product operation mode, and the key-generation mode; and developing the key-generation program and encrypting the developed key-generation program with any key on the administrator LSI device.

8. A program development supporting system for supporting development of an encrypted program which is to be installed in a system having an LSI device, the LSI device having a secure memory which includes an unrewritable area, the system comprising: a development LSI device having the same structure as that of the LSI device on which the encrypted program runs; and an external memory for storing a raw (binary) program, wherein the development LSI device includes a secure memory for storing encrypted common key information regarding a raw common key different from an inherent and permanent key used for the product operation mode, which is implemented in the LSI device in advance, and the development LSI device is capable of executing a first step of obtaining the raw common key from the common key information stored in the secure memory, and a second step of encrypting the raw (binary) program input from the external memory using the raw common key.

9. A program development supporting system for supporting development of an encrypted program, comprising: a development LSI device having the same structure as that of an LSI device on which the encrypted program runs; and an external memory for storing a raw (binary) program, wherein the development LSI device includes a secure memory for storing common key information regarding a raw common key, and the development LSI device is capable of executing a first step of obtaining the raw common key from the common key information stored in the secure memory, and a second step of encrypting the raw (binary) program input from the external memory using the raw common key, wherein: the common key information includes an encrypted common key which is obtained by encrypting the raw common key with a raw first intermediate key and an encrypted first intermediate key which is obtained by encrypting the raw first intermediate key with a second intermediate key; and the first step includes the step of obtaining the raw common key using the encrypted common key, the encrypted first intermediate key and a program encryption seed.

10. A program development supporting system for supporting development of an encrypted program which is to be installed in a system having an LSI device, the LSI device having a secure memory which includes an unrewritable area, the system comprising: a development LSI device having the same structure as that of an LSI device on which the encrypted program runs; and an external memory for storing a raw (binary) program, wherein the development LSI device includes a secure memory for storing encrypted common key information regarding a raw common key different from an inherent and permanent key used for the product operation mode, which is implemented in the LSI device in advance, and a boot ROM for storing a boot program, and by executing the boot program stored in the boot ROM, the development LSI device executes a first step of obtaining a raw common key from the common key information stored in the secure memory, and a second step of encrypting the raw (binary) program input from the external memory using the raw common key.

11. A program development supporting system for supporting development of an encrypted program, comprising: a development LSI device having the same structure as that of an LSI device on which the encrypted program runs; and an external memory for storing a raw (binary) program, wherein the development LSI device includes a secure memory for storing common key information regarding a raw common key, and a boot ROM for storing a boot program, and by executing the boot program stored in the boot ROM, the development LSI device executes a first step of obtaining a raw common key from the common key information stored in the secure memory, and a second step of encrypting the raw (binary) program input from the external memory using the raw common key, wherein: the common key information includes an encrypted common key which is obtained by encrypting the raw common key with a raw first intermediate key and an encrypted first intermediate key which is obtained by encrypting the raw first intermediate key with a second intermediate key; and the first step includes the step of obtaining the raw common key using the encrypted common key, the encrypted first intermediate key and a program encryption seed.

12. The method of claim 1, wherein the inherent and permanent key information is not output from the LSI device in either the development mode or the product operation mode.